ID

VAR-201801-1832


TITLE

Command execution vulnerability in the Pelco Sarix Pro network camera export.cgi program

Trust: 0.6

sources: CNVD: CNVD-2017-36492

DESCRIPTION

Pelco Sarix Professional is a video camera. The export.cgi program of the Pelco Sarix Pro network camera has a command execution vulnerability. The program does not perform security checks on the data it uses when executing system commands, so an attacker can use shell metacharacters to execute arbitrary system commands as root and take complete control of the camera.

Trust: 0.6

sources: CNVD: CNVD-2017-36492

IOT TAXONOMY

category: ['ICS', 'Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-36492

AFFECTED PRODUCTS

vendor: schneider
model: electric sarix professional model: imp
scope: eq
version: -1110-103.29.65

Trust: 0.6

sources: CNVD: CNVD-2017-36492

CVSS

SEVERITY

CNVD: CNVD-2017-36492
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2017-36492
severity: MEDIUM
baseScore: 6.5
vectorString: AV:A/AC:H/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

-

sources: CNVD: CNVD-2017-36492

PATCH

title: Schneider Pergo Sarix Pro webcam export.cgi command execution vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/107499

Trust: 0.6

sources: CNVD: CNVD-2017-36492

EXTERNAL IDS

db: CNVD
id: CNVD-2017-36492

Trust: 0.6

sources: CNVD: CNVD-2017-36492

SOURCES

db: CNVD
id: CNVD-2017-36492

LAST UPDATE DATE

2022-05-04T09:23:01.115000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2017-36492
date: 2017-12-07T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2017-36492
date: 2018-01-08T00:00:00